Rise of the local hacker

Meet your local hacker; he’s already in your network. So, it's imperative that businesses secure their internal systems as well as their peripheral systems.

Johannesburg, 31 Jul 2019
Colin Thornton, MD, Turrito Networks.

The ransomware attack on City Power demonstrates just how vulnerable critical infrastructure and corporate networks are to cybercrime. And it was a stark reminder that local businesses are under siege.

In SA, there are more than 13 800 attempted cyber attacks every day; malware attacks increased by 22% in the first quarter of 2019, compared with the same period in 2018; and more than 35% of local IT decision-makers are on high alert for a cyber attack on their businesses within days.

“Traditionally, businesses were targeted by hackers from countries like Russia, China and Nigeria. Now we’re seeing an increase in attacks originating from within SA,” says Colin Thornton, MD of Turrito Networks. “We’re also seeing an increase in the number of attacks launched from within the Local Area Network, often by employees and amateur hackers.”

The security landscape is evolving yet again, and businesses need to pay as much attention to their internal security as they do to their peripheral security, he says.

New dog, new tricks

Local hackers are using simple, common methods to penetrate corporate networks, says Thornton. And they rely on human negligence, intentional or not, to get in.

“We’re seeing an increase in wi-jacking, where hackers gain access to networks, laptops, desktops and servers through the business’s WiFi network, and it’s very easy to do.”

Anyone who has jumped on to a neighbour’s network without permission has successfully hijacked a WiFi connection. Where before people may have done this to download movies or browse Facebook, we’re now seeing cases where amateur hackers are accessing networks to extort money or steal information, says Thornton. They’re also using the data to create much more advanced and customised phishing campaigns.

“All they need is the password, which can be bought off a rogue employee, and they’re in. And once they’re in, assuming the network isn’t highly protected, they can do a lot of damage.”

The devil you know

Businesses should also be careful about who they allow into their systems, says Thornton.

“We’re also seeing cases of malware being deliberately installed by unscrupulous service providers in the IT market. They’re called in to fix something, but may also install spyware to monitor bank account logins, e-mails and customer information. Imagine how much data they can collect if the spyware is not detected.”

With access to even one laptop that has the right permissions, hackers can install malware, steal data or launch a ransomware attack that cripples a utility such as City Power.

What if?

Thornton says businesses need to pay more attention to configuring their internal networks.

“Traditional IT security products like firewalls and anti-virus are still critical, but not enough businesses are going further. The answers to the following questions would probably worry the average business owner.” These are:

  • What if someone gets hold of the WiFi password?
  • What if an employee deliberately sets out to steal confidential information?
  • What if an employee has malware installed on their laptop and introduces it to the business network?
  • Can anyone with the right username and password access the network, regardless of the device they’re connecting from?
  • Could someone plug a potentially dangerous USB stick, picked up in the parking lot, for instance, into their work laptop?

Many businesses are not prepared for any of these scenarios, says Thornton.

Visibility is crucial

“They need to turn their focus inward. It’s possible to lock down a network, for instance, so that a user connecting from an unknown device, even with the right credentials, would be blocked.”

This involves:

  • Setting up access permissions for users and devices, and updating them regularly;
  • Configuring alerts to flag suspicious behaviour on the network;
  • Setting rules to encrypt business-critical documents the moment they leave the network;
  • Conducting regular security scans; and
  • Regular reporting on the internal and external security environment.

“Just concentrating on the peripheral security layer is no longer good enough. No amount of peripheral security can guard against attacks from the inside,” says Thornton. “Securing internal systems also has ramifications for compliance with the Protection of Personal Information Act: it’s a massive step in the right direction for data protection.”

Thornton says it’s a matter of time before the security landscape evolves again.

“When we step up security in one area, hackers will find vulnerabilities in another. Without the tools, skills and knowledge to secure their internal systems, businesses are fighting a losing battle.”